HTTP: HTML Script Tag Embedded in URL Variables

This signature detects attempted cross-site scripting attacks. Attackers can create a malicious Web site whose hyperlinks contain embedded HTML, which can violate site security settings. A victim who follows these hyperlinks can allow the attacker to view the victim's Web cookies, which typically contain sensitive information. This technique is also used by some advertising companies to gather information about people. Because the extent of the information gathered cannot be controlled, this behavior is considered malicious by default.

Extended Description

Joomla! CMS is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. An attacker can exploit these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks. Joomla! CMS versions 1.6.3 and prior are vulnerable.

Affected Products

Joomla joomla

Short Name
HTTP:XSS:HTML-SCRIPT-IN-URL-VAR
Severity
Major
Recommended
False
Recommended Action
None
Category
HTTP
Keywords
CA-2000-02 CVE-2004-2115 CVE-2006-0069 CVE-2006-0136 CVE-2006-3101 CVE-2007-0177 CVE-2007-0589 CVE-2007-1111 CVE-2007-3613 CVE-2007-5000 CVE-2007-5923 CVE-2008-1499 CVE-2008-2123 CVE-2008-4014 CVE-2008-5330 CVE-2008-6060 CVE-2009-1218 CVE-2009-1557 CVE-2009-1872 CVE-2009-3469 CVE-2009-4168 CVE-2009-4597 CVE-2010-0380 CVE-2010-0724 CVE-2010-0725 CVE-2010-0817 CVE-2010-1090 CVE-2010-1091 CVE-2010-1661 CVE-2010-1662 CVE-2010-1711 CVE-2010-2091 CVE-2010-2147 CVE-2010-2654 CVE-2010-2655 CVE-2010-2699 CVE-2010-2700 CVE-2010-2714 CVE-2010-2715 CVE-2010-3003 CVE-2010-4647 CVE-2010-4794 CVE-2010-4795 CVE-2010-4857 CVE-2010-5322 CVE-2011-0961 CVE-2011-4155 CVE-2011-4156 CVE-2011-4806 CVE-2012-0233 CVE-2012-1912 CVE-2012-2171 CVE-2012-2172 CVE-2012-2741 CVE-2012-2996 CVE-2012-3183 CVE-2012-4189 CVE-2012-4262 CVE-2012-4939 CVE-2012-5330 CVE-2012-6504 CVE-2012-6505 CVE-2012-6585 CVE-2012-6587 CVE-2012-6589 CVE-2013-0009 CVE-2013-5013 CVE-2013-5223 CVE-2013-5311 CVE-2014-0870 CVE-2014-100017 CVE-2014-10010 CVE-2014-10035 CVE-2014-1648 CVE-2014-1754 CVE-2014-5212 CVE-2014-5360 CVE-2014-6137 CVE-2014-8954 CVE-2014-9224 CVE-2015-1159 CVE-2015-1575 CVE-2015-1630 CVE-2015-1632 CVE-2015-1640 CVE-2015-1757 CVE-2015-2182 CVE-2015-2294 CVE-2015-3300 CVE-2016-6837 CVE-2016-7280 CVE-2017-0068 CVE-2017-12927 CVE-2017-17055 CVE-2017-5798 CVE-2017-6973 CVE-2018-12998 CVE-2018-8006 CVE-2019-10475 CVE-2019-17092 Embedded HTML Script Tag URL Variables bid:100490 bid:101261 bid:16112 bid:16113 bid:18449 bid:21956 bid:22246 bid:22705 bid:22738 bid:22819 bid:24775 bid:28403 bid:36513 bid:37100 bid:37479 bid:39776 bid:40430 bid:47902 bid:48471 bid:54112 bid:63205 bid:72450 bid:72559 bid:9484 in
Release Date
12/18/2003
Supported Platforms

srx-branch-12.3

srx-branch-19.3

vsrx3bsd-19.2

vsrx3bsd-19.4

srx-branch-19.4

vsrx-19.4

srx-19.4

vsrx-12.3

srx-12.3

vsrx-19.2

srx-19.3

vmx-19.4

mx-12.3

mx-19.4

mx-19.3

vmx-19.3

Sigpack Version
3716
False Positive
Rarely
Vendors

Joomla

CVSS Score

7.5

6.5

4.0

4.3

3.5

8.5

4.9

6.8

5.5

5.1

5.0
